package org.hq.web.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

import static org.springframework.security.config.Customizer.withDefaults;
import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain formLoginFilterChain(HttpSecurity http) throws Exception {

        //开启 授权保护机制
        http.authorizeHttpRequests(authorize -> authorize
               //.requestMatchers(antMatcher("/login")).permitAll()
                .requestMatchers("/index").permitAll()
                // .requestMatchers("/user/**").hasRole("USER")
                // .requestMatchers("/admin/**").hasRole("ADMIN")
                // 对所有请求保护
                .anyRequest()
                // 以认证用户开发访问
                .authenticated()
        );

        // 登录 配置
        http.formLogin(form -> form
                //表单提交路径
                .loginProcessingUrl("/login")
                //自定义登录页面 无需授权可访问
                .loginPage("/login")
                //登录失败跳转页面
                .failureUrl("/error")
                //登录成功返回结果
                .successHandler(new MyA())
                //登录成功跳转页面
                //.defaultSuccessUrl("/")

                .permitAll());

        // .formLogin(withDefaults());

        //关闭 csrf
        http.csrf(csrf -> csrf
                .disable()
                //.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // 忽略登录UR
                //.ignoringRequestMatchers("/login")
        );







        //配置登录时间
        //http.rememberMe()
        //跨越请求
       // http.cors(withDefaults());

        //过来器添加
        //http.addFilterBefore(new myguoliq(), UsernamePasswordAuthenticationFilter.class);


        return http.build();
    }


    /**
     * 内存账号
     *
     * @return
     */
    public UserDetailsService userDetailsService() {
        //内存认证
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        UserDetails user = User.withDefaultPasswordEncoder().username("qq").password("12345").roles("USER").build();

        manager.createUser(user);
        return manager;
    }

    /**
     * 加密 密码实力对象
     *
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


}
